CIP Cyber Security Physical Security of BES Cyber Systems

Size: px
Start display at page:

Download "CIP Cyber Security Physical Security of BES Cyber Systems"

Transcription

1 A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 4. Applicability: 4.1. Functional Entities: For the purpose of the requirements contained herein, the following list of functional entities will be collectively referred to as Responsible Entities. For requirements in this standard where a specific functional entity or subset of functional entities are the applicable entity or entities, the functional entity or entities are specified explicitly Balancing Authority Distribution Provider that owns one or more of the following Facilities, systems, and equipment for the protection or restoration of the BES: Each underfrequency Load shedding (UFLS) or undervoltage Load shedding (UVLS) system that: is part of a Load shedding program that is subject to one or more requirements in a NERC or Regional Reliability Standard; and performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more Each Special Protection System or Remedial Action Scheme where the Special Protection System or Remedial Action Scheme is subject to one or more requirements in a NERC or Regional Reliability Standard Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started Generator Operator Generator Owner Interchange Coordinator or Interchange Authority Reliability Coordinator Page 1 of 35

2 4.1.7 Transmission Operator Transmission Owner 4.2. Facilities: For the purpose of the requirements contained herein, the following Facilities, systems, and equipment owned by each Responsible Entity in 4.1 above are those to which these requirements are applicable. For requirements in this standard where a specific type of Facilities, system, or equipment or subset of Facilities, systems, and equipment are applicable, these are specified explicitly Distribution Provider: One or more of the following Facilities, systems and equipment owned by the Distribution Provider for the protection or restoration of the BES: Each UFLS or UVLS System that: is part of a Load shedding program that is subject to one or more requirements in a NERC or Regional Reliability Standard; and performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more Each Special Protection System or Remedial Action Scheme where the Special Protection System or Remedial Action Scheme is subject to one or more requirements in a NERC or Regional Reliability Standard Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started Responsible Entities listed in 4.1 other than Distribution Providers: All BES Facilities Exemptions: The following are exempt from Standard CIP-006-5: Cyber Assets at Facilities regulated by the Canadian Nuclear Safety Commission Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters The systems, structures, and components that are regulated by the Nuclear Regulatory Commission under a cyber security plan pursuant to 10 C.F.R. Section Page 2 of 35

3 For Distribution Providers, the systems and equipment that are not included in section above Responsible Entities that identify that they have no BES Cyber Systems categorized as high impact or medium impact according to the CIP identification and categorization processes. 5. Effective Dates: Months Minimum CIP shall become effective on the later of July 1, 2015, or the first calendar day of the ninth calendar quarter after the effective date of the order providing applicable regulatory approval. 2. In those jurisdictions where no regulatory approval is required, CIP shall become effective on the first day of the ninth calendar quarter following Board of Trustees approval, or as otherwise made effective pursuant to the laws applicable to such ERO governmental authorities. 6. Background: Standard CIP exists as part of a suite of CIP Standards related to cyber security. CIP requires the initial identification and categorization of BES Cyber Systems. CIP-003-5, CIP-004-5, CIP-005-5, CIP-006-5, CIP-007-5, CIP-008-5, CIP-009-5, CIP-010-1, and CIP require a minimum level of organizational, operational and procedural controls to mitigate risk to BES Cyber Systems. This suite of CIP Standards is referred to as the Version 5 CIP Cyber Security Standards. Most requirements open with, Each Responsible Entity shall implement one or more documented [processes, plan, etc] that include the applicable items in [Table Reference]. The referenced table requires the applicable items in the procedures for the requirement s common subject matter. The SDT has incorporated within this standard a recognition that certain requirements should not focus on individual instances of failure as a sole basis for violating the standard. In particular, the SDT has incorporated an approach to empower and enable the industry to identify, assess, and correct deficiencies in the implementation of certain requirements. The intent is to change the basis of a violation in those requirements so that they are not focused on whether there is a deficiency, but on identifying, assessing, and correcting deficiencies. It is presented in those requirements by modifying implement as follows: Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies,... The term documented processes refers to a set of required instructions specific to the Responsible Entity and to achieve a specific outcome. This term does not imply any particular naming or approval structure beyond what is stated in the requirements. An entity should include as much as it believes necessary in their documented processes, but they must address the applicable requirements in the table. The Page 3 of 35

4 documented processes themselves are not required to include the... identifies, assesses, and corrects deficiencies,..." elements described in the preceding paragraph, as those aspects are related to the manner of implementation of the documented processes and could be accomplished through other controls or compliance management activities. The terms program and plan are sometimes used in place of documented processes where it makes sense and is commonly understood. For example, documented processes describing a response are typically referred to as plans (i.e., incident response plans and recovery plans). Likewise, a security plan can describe an approach involving multiple procedures to address a broad subject matter. Similarly, the term program may refer to the organization s overall implementation of its policies, plans and procedures involving a subject matter. Examples in the standards include the personnel risk assessment program and the personnel training program. The full implementation of the CIP Cyber Security Standards could also be referred to as a program. However, the terms program and plan do not imply any additional requirements beyond what is stated in the standards. Responsible Entities can implement common controls that meet requirements for multiple high and medium impact BES Cyber Systems. For example, a single training program could meet the requirements for training personnel across multiple BES Cyber Systems. Measures for the initial requirement are simply the documented processes themselves. Measures in the table rows provide examples of evidence to show documentation and implementation of applicable items in the documented processes. These measures serve to provide guidance to entities in acceptable records of compliance and should not be viewed as an all-inclusive list. Throughout the standards, unless otherwise stated, bulleted items in the requirements and measures are items that are linked with an or, and numbered items are items that are linked with an and. Many references in the Applicability section use a threshold of 300 MW for UFLS and UVLS. This particular threshold of 300 MW for UVLS and UFLS was provided in Version 1 of the CIP Cyber Security Standards. The threshold remains at 300 MW since it is specifically addressing UVLS and UFLS, which are last ditch efforts to save the Bulk Electric System. A review of UFLS tolerances defined within regional reliability standards for UFLS program requirements to date indicates that the historical value of 300 MW represents an adequate and reasonable threshold value for allowable UFLS operational tolerances. Applicable Systems Columns in Tables: Each table has an Applicable Systems column to further define the scope of systems to which a specific requirement row applies. The CSO706 SDT adapted this concept from the National Institute of Standards and Technology ( NIST ) Risk Management Page 4 of 35

5 Framework as a way of applying requirements more appropriately based on impact and connectivity characteristics. The following conventions are used in the Applicable Systems column as described. High Impact BES Cyber Systems Applies to BES Cyber Systems categorized as high impact according to the CIP identification and categorization processes. Medium Impact BES Cyber Systems Applies to BES Cyber Systems categorized as medium impact according to the CIP identification and categorization processes. Medium Impact BES Cyber Systems without External Routable Connectivity Only applies to medium impact BES Cyber Systems without External Routable Connectivity. Medium Impact BES Cyber Systems with External Routable Connectivity Only applies to medium impact BES Cyber Systems with External Routable Connectivity. This also excludes Cyber Assets in the BES Cyber System that cannot be directly accessed through External Routable Connectivity. Electronic Access Control or Monitoring Systems (EACMS) Applies to each Electronic Access Control or Monitoring System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System. Examples may include, but are not limited to, firewalls, authentication servers, and log monitoring and alerting systems. Physical Access Control Systems (PACS) Applies to each Physical Access Control System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System. Protected Cyber Assets (PCA) Applies to each Protected Cyber Asset associated with a referenced high impact BES Cyber System or medium impact BES Cyber System. Locally mounted hardware or devices at the Physical Security Perimeter Applies to the locally mounted hardware or devices (e.g. such as motion sensors, electronic lock control mechanisms, and badge readers) at a Physical Security Perimeter associated with a referenced high impact BES Cyber System or medium impact BES Cyber System with External Routable Connectivity, and that does not contain or store access control information or independently perform access authentication. These hardware and devices are excluded in the definition of Physical Access Control Systems. Page 5 of 35

6 B. Requirements and Measures R1. Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies, one or more documented physical security plans that collectively include all of the applicable requirement parts in CIP Table R1 Physical Security Plan. [Violation Risk Factor: Medium] [Time Horizon: Long Term Planning and Same Day Operations]. M1. Evidence must include each of the documented physical security plans that collectively include all of the applicable requirement parts in CIP Table R1 Physical Security Plan and additional evidence to demonstrate implementation of the plan or plans as described in the Measures column of the table. CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.1 Medium Impact BES Cyber Systems without External Routable Connectivity Physical Access Control Systems (PACS) associated with: High Impact BES Cyber Systems, or Medium Impact BES Cyber Systems with External Routable Connectivity Define operational or procedural controls to restrict physical access. An example of evidence may include, but is not limited to, documentation that operational or procedural controls exist. Page 6 of 35

7 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.2 Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Utilize at least one physical access control to allow unescorted physical access into each applicable Physical Security Perimeter to only those individuals who have authorized unescorted physical access. An example of evidence may include, but is not limited to, language in the physical security plan that describes each Physical Security Perimeter and how unescorted physical access is controlled by one or more different methods and proof that unescorted physical access is restricted to only authorized individuals, such as a list of authorized individuals accompanied by access logs. Page 7 of 35

8 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.3 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Where technically feasible, utilize two or more different physical access controls (this does not require two completely independent physical access control systems) to collectively allow unescorted physical access into Physical Security Perimeters to only those individuals who have authorized unescorted physical access. An example of evidence may include, but is not limited to, language in the physical security plan that describes the Physical Security Perimeters and how unescorted physical access is controlled by two or more different methods and proof that unescorted physical access is restricted to only authorized individuals, such as a list of authorized individuals accompanied by access logs. Page 8 of 35

9 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.4 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Monitor for unauthorized access through a physical access point into a Physical Security Perimeter. An example of evidence may include, but is not limited to, documentation of controls that monitor for unauthorized access through a physical access point into a Physical Security Perimeter. Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Page 9 of 35

10 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.5 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA 1.6 Physical Access Control Systems (PACS) associated with: High Impact BES Cyber Systems, or Medium Impact BES Cyber Systems with External Routable Connectivity Issue an alarm or alert in response to detected unauthorized access through a physical access point into a Physical Security Perimeter to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of detection. Monitor each Physical Access Control System for unauthorized physical access to a Physical Access Control System. An example of evidence may include, but is not limited to, language in the physical security plan that describes the issuance of an alarm or alert in response to unauthorized access through a physical access control into a Physical Security Perimeter and additional evidence that the alarm or alert was issued and communicated as identified in the BES Cyber Security Incident Response Plan, such as manual or electronic alarm or alert logs, cell phone or pager logs, or other evidence that documents that the alarm or alert was generated and communicated. An example of evidence may include, but is not limited to, documentation of controls that monitor for unauthorized physical access to a PACS. Page 10 of 35

11 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.7 Physical Access Control Systems (PACS) associated with: High Impact BES Cyber Systems, or Medium Impact BES Cyber Systems with External Routable Connectivity Issue an alarm or alert in response to detected unauthorized physical access to a Physical Access Control System to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of the detection. An example of evidence may include, but is not limited to, language in the physical security plan that describes the issuance of an alarm or alert in response to unauthorized physical access to Physical Access Control Systems and additional evidence that the alarm or alerts was issued and communicated as identified in the BES Cyber Security Incident Response Plan, such as alarm or alert logs, cell phone or pager logs, or other evidence that the alarm or alert was generated and communicated. Page 11 of 35

12 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.8 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Log (through automated means or by personnel who control entry) entry of each individual with authorized unescorted physical access into each Physical Security Perimeter, with information to identify the individual and date and time of entry. An example of evidence may include, but is not limited to, language in the physical security plan that describes logging and recording of physical entry into each Physical Security Perimeter and additional evidence to demonstrate that this logging has been implemented, such as logs of physical access into Physical Security Perimeters that show the individual and the date and time of entry into Physical Security Perimeter. Page 12 of 35

13 CIP Table R1 Physical Security Plan Part Applicable Systems Requirements Measures 1.9 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Retain physical access logs of entry of individuals with authorized unescorted physical access into each Physical Security Perimeter for at least ninety calendar days. An example of evidence may include, but is not limited to, dated documentation such as logs of physical access into Physical Security Perimeters that show the date and time of entry into Physical Security Perimeter. R2. Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies, one or more documented visitor control programs that include each of the applicable requirement parts in CIP Table R2 Visitor Control Program. [Violation Risk Factor: Medium] [Time Horizon: Same Day Operations.] M2. Evidence must include one or more documented visitor control programs that collectively include each of the applicable requirement parts in CIP Table R2 Visitor Control Program and additional evidence to demonstrate implementation as described in the Measures column of the table. Page 13 of 35

14 CIP Table R2 Visitor Control Program Part Applicable Systems Requirements Measures 2.1 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Require continuous escorted access of visitors (individuals who are provided access but are not authorized for unescorted physical access) within each Physical Security Perimeter, except during CIP Exceptional Circumstances. An example of evidence may include, but is not limited to, language in a visitor control program that requires continuous escorted access of visitors within Physical Security Perimeters and additional evidence to demonstrate that the process was implemented, such as visitor logs. Page 14 of 35

15 CIP Table R2 Visitor Control Program Part Applicable Systems Requirements Measures 2.2 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA 2.3 High Impact BES Cyber Systems and their associated: 1. EACMS; and 2. PCA Require manual or automated logging of visitor entry into and exit from the Physical Security Perimeter that includes date and time of the initial entry and last exit, the visitor s name, and the name of an individual point of contact responsible for the visitor, except during CIP Exceptional Circumstances. Retain visitor logs for at least ninety calendar days. An example of evidence may include, but is not limited to, language in a visitor control program that requires continuous escorted access of visitors within Physical Security Perimeters and additional evidence to demonstrate that the process was implemented, such as dated visitor logs that include the required information. An example of evidence may include, but is not limited to, documentation showing logs have been retained for at least ninety calendar days. Medium Impact BES Cyber Systems with External Routable Connectivity and their associated: 1. EACMS; and 2. PCA Page 15 of 35

16 R3. Each Responsible Entity shall implement one or more documented Physical Access Control System maintenance and testing programs that collectively include each of the applicable requirement parts in CIP Table R3 Maintenance and Testing Program. [Violation Risk Factor: Medium] [Time Horizon: Long Term Planning]. M3. Evidence must include each of the documented Physical Access Control System maintenance and testing programs that collectively include each of the applicable requirement parts in CIP Table R3 Maintenance and Testing Program and additional evidence to demonstrate implementation as described in the Measures column of the table. CIP Table R3 Physical Access Control System Maintenance and Testing Program Part Applicable Systems Requirement Measures 3.1 Physical Access Control Systems (PACS) associated with: High Impact BES Cyber Systems, or Medium Impact BES Cyber Systems with External Routable Connectivity Locally mounted hardware or devices at the Physical Security Perimeter associated with: High Impact BES Cyber Systems, or Medium Impact BES Cyber Systems with External Routable Connectivity Maintenance and testing of each Physical Access Control System and locally mounted hardware or devices at the Physical Security Perimeter at least once every 24 calendar months to ensure they function properly. An example of evidence may include, but is not limited to, a maintenance and testing program that provides for testing each Physical Access Control System and locally mounted hardware or devices associated with each applicable Physical Security Perimeter at least once every 24 calendar months and additional evidence to demonstrate that this testing was done, such as dated maintenance records, or other documentation showing testing and maintenance has been performed on each applicable device or system at least once every 24 calendar months. Page 16 of 35

17 C. Compliance 1. Compliance Monitoring Process: 1.1. Compliance Enforcement Authority: The Regional Entity shall serve as the Compliance Enforcement Authority ( CEA ) unless the applicable entity is owned, operated, or controlled by the Regional Entity. In such cases the ERO or a Regional Entity approved by FERC or other applicable governmental authority shall serve as the CEA Evidence Retention: The following evidence retention periods identify the period of time an entity is required to retain specific evidence to demonstrate compliance. For instances where the evidence retention period specified below is shorter than the time since the last audit, the CEA may ask an entity to provide other evidence to show that it was compliant for the full time period since the last audit. shall keep data or evidence to show compliance as identified below unless directed by its CEA to retain specific evidence for a longer period of time as part of an investigation: Each Responsible Entity shall retain evidence of each requirement in this standard for three calendar years. If a Responsible Entity is found non-compliant, it shall keep information related to the non-compliance until mitigation is complete and approved or for the time specified above, whichever is longer. The CEA shall keep the last audit records and all requested and submitted subsequent audit records Compliance Monitoring and Assessment Processes: Compliance Audit Self-Certification Spot Checking Compliance Investigation Self-Reporting Complaint 1.4. Additional Compliance Information: None Page 17 of 35

18 2. Table of Compliance Elements R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL R1 Long Term Planning Same-Day Operations Medium The Responsible Entity has a process to log authorized physical entry into any Physical Security Perimeter with sufficient information to identify the individual and date and time of entry and identified deficiencies but did not assess or correct the deficiencies. (1.8) The Responsible Entity has a has a process to alert for unauthorized physical access to Physical Access Control Systems and identified deficiencies but did not assess or correct the deficiencies. (1.7) has a process to alert for unauthorized physical access to Physical Access Control Systems but did not identify, assess, or correct the deficiencies. (1.7) has a process communicate alerts within 15 minutes to identified personnel and has a process to alert for detected unauthorized access through a physical access point into a Physical security Perimeter and identified deficiencies but did not assess or correct the deficiencies. (1.5) has a process to alert for detected unauthorized access through a physical access point into a Physical security Perimeter but did not identify, assess, or correct deficiencies. (1.5) did not document or implement operational or procedural controls to restrict physical access. (1.1) documented and implemented operational or procedural controls to restrict physical access and identified deficiencies but did not assess or correct the deficiencies. (1.1) documented and implemented operational or procedural controls to restrict physical access but did not identify, Page 18 of 35

19 R # Time Horizon VRF process to log authorized physical entry into any Physical Security Perimeter with sufficient information to identify the individual and date and time of entry but did not identify, assess, or correct the deficiencies. (1.8) The Responsible Entity has a process to retain physical access logs for 90 calendar days and identified Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL identified deficiencies assess, or correct the but did not assess or deficiencies. (1.1) correct the deficiencies. (1.7) has a process communicate alerts within 15 minutes to identified personnel but did not identify, assess, or correct the deficiencies. (1.7) has a process to communicate alerts within 15 minutes to identified personnel and identified deficiencies but did not assess or correct the deficiencies. (1.5) has a process to communicate alerts within 15 minutes to identified personnel but did not identify, assess, or correct the deficiencies. (1.5) has a process to monitor for unauthorized physical access to a Physical Access Control Systems and identified deficiencies but did not assess or correct the has documented and implemented physical access controls, but at least one control does not exist to restrict access to Applicable Systems. (1.2) has documented and implemented physical access controls, restricts access to Applicable Systems using at least one control, and identified deficiencies, but did not assess or correct the deficiencies. (1.2) has documented and Page 19 of 35

20 R # Time Horizon VRF deficiencies but did not assess or correct the deficiencies. (1.9) The Responsible Entity has a process to retain physical access logs for 90 calendar days but did not identify, assess, or correct the deficiencies. (1.9) Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL deficiencies. (1.6) implemented physical access controls, restricts access to Applicable Systems using at least one control, but did not identify, assess, or correct the deficiencies. (1.2) has a process to monitor for unauthorized physical access to a Physical Access Control Systems but did not identify, assess, or correct the deficiencies. (1.6) has documented and implemented physical access controls, but at least two different controls do not exist to restrict access to Applicable Systems. (1.3) documented and implemented operational or procedural controls, restricts access to Applicable Systems using at least two Page 20 of 35

21 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL different controls, and identified deficiencies, but did not assess or correct the deficiencies. (1.3) documented and implemented operational or procedural controls, restricts access to Applicable Systems using at least two different controls, but did not identify, assess, or correct the deficiencies. (1.3) does not have a process to monitor for unauthorized access through a physical access point into a Physical Security Page 21 of 35

22 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL Perimeter. (1.4) has a process to monitor for unauthorized access through a physical access point into a Physical Security Perimeter and identified deficiencies, but did not assess or correct the deficiencies. (1.4) has a process to monitor for unauthorized access through a physical access point into a Physical Security Perimeter, but did not identify, assess, or correct the deficiencies. (1.4) Page 22 of 35

23 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL does not have a process to alert for detected unauthorized access through a physical access point into a Physical security Perimeter or to communicate such alerts within 15 minutes to identified personnel. (1.5) does not have a process to monitor each Physical Access Control System for unauthorized physical access to a Physical Access Control Systems. (1.6) does not have a process to alert for unauthorized physical access to Physical Page 23 of 35

24 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL Access Control Systems or to communicate such alerts within 15 minutes to identified personnel (1.7) does not have a process to log authorized physical entry into each Physical Security Perimeter with sufficient information to identify the individual and date and time of entry. (1.8) does not have a process to retain physical access logs for 90 calendar days. (1.9) R2 Same-Day Operations Medium N/A included a visitor control program that requires logging of each included a visitor control program that requires continuous has failed to include or implement a visitor control program that Page 24 of 35

25 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL of the initial entry and last exit dates and times of the visitor, the visitor s name, and the point of contact and escorted access of visitors within any Physical Security Perimeter, and identified deficiencies requires continuous escorted access of visitors within any Physical Security Perimeter. (2.1) identified deficiencies but did not assess or but did not assess or correct deficiencies. correct the deficiencies. (2.1) (2.2) included a visitor control program that requires logging of the initial entry and last exit dates and times of the visitor, the visitor s name, and the point of contact and but did not identify, assess, or correct the deficiencies. (2.2) included a visitor control program to retain visitor logs for at included a visitor control program that requires continuous escorted access of visitors within any Physical Security Perimeter but did not identify, assess, or correct deficiencies. (2.1) has failed to include or implement a visitor control program that requires logging of the initial entry and last exit dates and times of the visitor, the visitor s name, and the point of contact. (2.2) failed to include or implement a visitor control program to retain visitor logs for at least ninety days. (2.3) Page 25 of 35

26 R # Time Horizon VRF Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL least ninety days and identified deficiencies but did not assess or correct the deficiencies. (2.3) included a visitor control program to retain visitor logs for at least ninety days but did not identify, assess, or correct the deficiencies. (2.3) R3 Long Term Planning Medium The Responsible Entity has documented and implemented a maintenance and testing program for Physical Access Control Systems and locally has documented and implemented a maintenance and testing program for Physical Access Control Systems and locally mounted hardware or devices at the Physical Security Perimeter, but did not complete required testing within 25 calendar months but has documented and implemented a maintenance and testing program for Physical Access Control Systems and locally mounted hardware or devices at the Physical Security Perimeter, but did not complete required testing within 26 calendar months but has not documented and implemented a maintenance and testing program for Physical Access Control Systems and locally mounted hardware or devices at the Physical Security Perimeter. (3.1) Page 26 of 35

27 R # Time Horizon VRF mounted hardware or devices at the Physical Security Perimeter, but did not complete required testing within 24 calendar months but did complete required testing within 25 calendar months. (3.1) Violation Severity Levels (CIP-006-5) Lower VSL Moderate VSL High VSL Severe VSL did complete required did complete required testing within 26 testing within 27 calendar months. (3.1) calendar months. (3.1) has documented and implemented a maintenance and testing program for Physical Access Control Systems and locally mounted hardware or devices at the Physical Security Perimeter, but did not complete required testing within 27 calendar months. (3.1) Page 27 of 35

28 D. Regional Variances None. E. Interpretations None. F. Associated Documents None. Page 28 of 35

29 Guidelines and Technical Basis Guidelines and Technical Basis Section 4 Scope of Applicability of the CIP Cyber Security Standards Section 4. Applicability of the standards provides important information for Responsible Entities to determine the scope of the applicability of the CIP Cyber Security Requirements. Section 4.1. Functional Entities is a list of NERC functional entities to which the standard applies. If the entity is registered as one or more of the functional entities listed in Section 4.1, then the NERC CIP Cyber Security Standards apply. Note that there is a qualification in Section 4.1 that restricts the applicability in the case of Distribution Providers to only those that own certain types of systems and equipment listed in 4.2. Furthermore, Section 4.2. Facilities defines the scope of the Facilities, systems, and equipment owned by the Responsible Entity, as qualified in Section 4.1, that is subject to the requirements of the standard. As specified in the exemption section , this standard does not apply to Responsible Entities that do not have High Impact or Medium Impact BES Cyber Systems under CIP s categorization. In addition to the set of BES Facilities, Control Centers, and other systems and equipment, the list includes the set of systems and equipment owned by Distribution Providers. While the NERC Glossary term Facilities already includes the BES characteristic, the additional use of the term BES here is meant to reinforce the scope of applicability of these Facilities where it is used, especially in this applicability scoping section. This in effect sets the scope of Facilities, systems, and equipment that is subject to the standards. General: While the focus is shifted from the definition and management of a completely enclosed sixwall boundary, it is expected in many instances this will remain a primary mechanism for controlling, alerting, and logging access to BES Cyber Systems. Taken together, these controls will effectively constitute the physical security plan to manage physical access to BES Cyber Systems. Requirement R1: Methods of physical access control include: Card Key: A means of electronic access where the access rights of the card holder are predefined in a computer database. Access rights may differ from one perimeter to another. Special Locks: These include, but are not limited to, locks with restricted key systems, magnetic locks that can be operated remotely, and man-trap systems. Security Personnel: Personnel responsible for controlling physical access who may reside on-site or at a monitoring station. Page 29 of 35

30 Guidelines and Technical Basis Other Authentication Devices: Biometric, keypad, token, or other equivalent devices that control physical access into the Physical Security Perimeter. Methods to monitor physical access include: Alarm Systems: Systems that alarm to indicate interior motion or when a door, gate, or window has been opened without authorization. These alarms must provide for notification within 15 minutes to individuals responsible for response. Human Observation of Access Points: Monitoring of physical access points by security personnel who are also controlling physical access. Methods to log physical access include: Computerized Logging: Electronic logs produced by the Responsible Entity s selected access control and alerting method. Video Recording: Electronic capture of video images of sufficient quality to determine identity. Manual Logging: A log book or sign-in sheet, or other record of physical access maintained by security or other personnel authorized to control and monitor physical access. The FERC Order No. 706, Paragraph 572, directive discussed utilizing two or more different and complementary physical access controls to provide defense in depth. It does not require two or more Physical Security Perimeters, nor does it exclude the use of layered perimeters. Use of two-factor authentication would be acceptable at the same entry points for a non-layered single perimeter. For example, a sole perimeter s controls could include either a combination of card key and pin code (something you know and something you have), or a card key and biometric scanner (something you have and something you are), or a physical key in combination with a guard-monitored remote camera and door release, where the guard has adequate information to authenticate the person they are observing or talking to prior to permitting access (something you have and something you are). The two-factor authentication could be implemented using a single Physical Access Control System but more than one authentication method must be utilized. For physically layered protection, a locked gate in combination with a locked control-building could be acceptable, provided no single authenticator (e.g., key or card key) would provide access through both. Entities may choose for certain PACS to reside in a PSP controlling access to applicable BES Cyber Systems. For these PACS, there is no additional obligation to comply with Requirement Parts 1.1, 1.7 and 1.8 beyond what is already required for the PSP. Requirement R2: The logging of visitors should capture each visit of the individual and does not need to capture each entry or exit during that visit. This is meant to allow a visitor to temporarily exit the Physical Security Perimeter to obtain something they left in their vehicle or outside the area without requiring a new log entry for each and every entry during the visit. Page 30 of 35

31 Guidelines and Technical Basis The SDT also determined that a point of contact should be documented who can provide additional details about the visit if questions arise in the future. The point of contact could be the escort, but there is no need to document everyone that acted as an escort for the visitor. Requirement R3: This includes the testing of locally mounted hardware or devices used in controlling, alerting or logging access to the Physical Security Perimeter. This includes motion sensors, electronic lock control mechanisms, and badge readers which are not deemed to be part of the Physical Access Control System but are required for the protection of the BES Cyber Systems. Rationale: During the development of this standard, references to prior versions of the CIP standards and rationale for the requirements and their parts were embedded within the standard. Upon BOT approval, that information was moved to this section. Rationale for R1: Each Responsible Entity shall ensure that physical access to all BES Cyber Systems is restricted and appropriately managed. Entities may choose for certain PACS to reside in a PSP controlling access to applicable BES Cyber Systems. For these PACS, there is no additional obligation to comply with Requirement Parts 1.1, 1.7 and 1.8 beyond what is already required for the PSP. Summary of Changes: The entire content of CIP is intended to constitute a physical security program. This represents a change from previous versions, since there was no specific requirement to have a physical security program in previous versions of the standards, only requirements for physical security plans. Added details to address FERC Order No. 706, Paragraph 572, directives for physical security defense in depth. Additional guidance on physical security defense in depth provided to address the directive in FERC Order No. 706, Paragraph 575. Reference to prior version: (Part 1.1) CIP-006-4c, R2.1 for Physical Access Control Systems New Requirement for Medium Impact BES Cyber Systems not having External Routable Connectivity Change Rationale: (Part 1.1) To allow for programmatic protection controls as a baseline (which also includes how the entity plans to protect Medium Impact BES Cyber Systems that do not have External Routable Connectivity not otherwise covered under Part 1.2, and it does not require a detailed list of individuals with access). Physical Access Control Systems do not themselves need to be protected at the same level as required in Parts 1.2 through 1.5. Reference to prior version: (Part 1.2) CIP006-4c, R3 & R4 Change Rationale: (Part 1.2) Page 31 of 35

32 Guidelines and Technical Basis This requirement has been made more general to allow for alternate measures of restricting physical access. Specific examples of methods a Responsible Entity can take to restricting access to BES Cyber Systems has been moved to the Guidelines and Technical Basis section. Reference to prior version: (Part 1.3) CIP006-4c, R3 & R4 Change Rationale: (Part 1.3) The specific examples that specify methods a Responsible Entity can take to restricting access to BES Cyber Systems has been moved to the Guidelines and Technical Basis section. This requirement has been made more general to allow for alternate measures of controlling physical access. Added to address FERC Order No. 706, Paragraph 572, related directives for physical security defense in depth. FERC Order No. 706, Paragraph 575, directives addressed by providing the examples in the guidance document of physical security defense in depth via multi-factor authentication or layered Physical Security Perimeter(s). Reference to prior version: (Part 1.4) CIP006-4c, R5 Change Rationale: (Part 1.4) Examples of monitoring methods have been moved to the Guidelines and Technical Basis section. Reference to prior version: (Part 1.5) CIP006-4c, R5 Change Rationale: (Part 1.5) Examples of monitoring methods have been moved to the Guidelines and Technical Basis section. Reference to prior version: (Part 1.6) CIP006-4c, R5 Change Rationale: (Part 1.6) Addresses the prior CIP-006-4c, Requirement R5 requirement for Physical Access Control Systems. Reference to prior version: (Part 1.7) CIP006-4c, R5 Change Rationale: (Part 1.7) Addresses the prior CIP-006-4c, Requirement R5 requirement for Physical Access Control Systems. Reference to prior version: (Part 1.8) CIP-006-4c, R6 Change Rationale: (Part 1.8) Page 32 of 35

33 Guidelines and Technical Basis CIP-006-4c, Requirement R6 was specific to the logging of access at identified access points. This requirement more generally requires logging of authorized physical access into the Physical Security Perimeter. Examples of logging methods have been moved to the Guidelines and Technical Basis section. Reference to prior version: (Part 1.9) CIP-006-4c, R7 Change Rationale: (Part 1.9) No change. Rationale for R2: To control when personnel without authorized unescorted physical access can be in any Physical Security Perimeters protecting BES Cyber Systems or Electronic Access Control or Monitoring Systems, as applicable in Table R2. Summary of Changes: Reformatted into table structure. Originally added in Version 3 per FERC Order issued September 30, Reference to prior version: (Part 2.1) CIP-006-4c, R1.6.2 Change Rationale: (Part 2.1) Added the ability to not do this during CIP Exceptional Circumstances. Reference to prior version: (Part 2.2) CIP-006-4c R1.6.1 Change Rationale: (Part 2.2) Added the ability to not do this during CIP Exceptional Circumstances, addressed multi-entry scenarios of the same person in a day (log first entry and last exit), and name of the person who is responsible or sponsor for the visitor. There is no requirement to document the escort or handoffs between escorts. Reference to prior version: (Part 2.3) CIP-006-4c, R7 Change Rationale: (Part 2.3) No change Rationale for R3: To ensure all Physical Access Control Systems and devices continue to function properly. Summary of Changes: Reformatted into table structure. Added details to address FERC Order No. 706, Paragraph 581, directives to test more frequently than every three years. Page 33 of 35

34 Guidelines and Technical Basis Reference to prior version: (Part 3.1) CIP-006-4c, R8.1 and R8.2 Change Rationale: (Part 3.1) Added details to address FERC Order No. 706, Paragraph 581 directives to test more frequently than every three years. The SDT determined that annual testing was too often and agreed on two years. Version History Version Date Action Change Tracking 1 1/16/06 R3.2 Change Control Center to control center. 2 9/30/09 Modifications to clarify the requirements and to bring the compliance elements into conformance with the latest guidelines for developing compliance elements of standards. Removal of reasonable business judgment. Replaced the RRO with the RE as a responsible entity. Rewording of Effective Date. Changed compliance monitor to Compliance Enforcement Authority. 3 12/16/09 Updated Version Number from -2 to -3 In Requirement 1.6, deleted the sentence pertaining to removing component or system from service in order to perform testing, in response to FERC order issued September 30, /16/09 Approved by the NERC Board of Trustees. 3 3/31/10 Approved by FERC. 4 1/24/11 Approved by the NERC Board of Trustees. 3/24/ /26/12 Adopted by the NERC Board of Trustees. Modified to coordinate with other CIP standards and to revise format to use RBS Template. Page 34 of 35

35 Guidelines and Technical Basis Version Date Action Change Tracking 5 11/22/13 FERC Order issued approving CIP /9/14 FERC Letter Order issued approving VRFs and VSLs revisions to certain CIP standards. CIP Requirement R3 changed from Lower to Medium. Page 35 of 35

36 * F INFMATIONAL PURPOSES ONLY * Effective Date of Standard: CIP Cyber Security - Physical Security of BES Cyber Systems null Standard Requirement Effective Date of Standard Phased In Inactive Date Implementation Date (if applicable) This standard has not yet been approved by the applicable regulatory authority. Printed On: February 01, 2018, 12:34 PM

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-6 3. Purpose: To manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-5.1 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

CIP Cyber Security Systems Security Management

CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

requirements in a NERC or Regional Reliability Standard.

requirements in a NERC or Regional Reliability Standard. A. Introduction 1. Title: Cyber Security Information Protection 2. Number: CIP 011 1 3. Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Information Protection

CIP Cyber Security Information Protection A. Introduction 1. Title: Cyber Security Information Protection 2. Number: CIP-011-2 3. Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements

More information

CIP Cyber Security Electronic Security Perimeter(s)

CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-5 3. Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-5 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-6 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP-006-4c Cyber Security Physical Security

Standard CIP-006-4c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security

More information

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security program

More information

CIP Cyber Security Security Management Controls. A. Introduction

CIP Cyber Security Security Management Controls. A. Introduction CIP-003-7 - Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-7 3. Purpose: To specify consistent and sustainable security

More information

CIP Cyber Security Configuration Management and Vulnerability Assessments

CIP Cyber Security Configuration Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP-006-3c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security

More information

CIP Cyber Security Incident Reporting and Response Planning

CIP Cyber Security Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Worksheet 1 CIP-006-6 Cyber Security Physical Security of BES Cyber Systems This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:

More information

CIP Cyber Security Security Management Controls. Standard Development Timeline

CIP Cyber Security Security Management Controls. Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP Cyber Security Critical Cyber As s et Identification

Standard CIP Cyber Security Critical Cyber As s et Identification A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard Development Timeline

Standard Development Timeline CIP-008-6 Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

A. Introduction. Page 1 of 22

A. Introduction. Page 1 of 22 The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

CIP Cyber Security Systems Security Management

CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-6 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in

More information

Standard Development Timeline

Standard Development Timeline CIP-003-67(i) - Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when

More information

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program

More information

Standard CIP Cyber Security Critical Cyber As s et Identification

Standard CIP Cyber Security Critical Cyber As s et Identification A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification

More information

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Security Management Controls

CIP Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-6 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and

More information

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP Cyber Security Incident Reporting and Response Planning

Standard CIP Cyber Security Incident Reporting and Response Planning A. Introduction 1. Title: Cyber Security Incident Reporting and Response Planning 2. Number: CIP-008-4 3. Purpose: Standard CIP-008-4 ensures the identification, classification, response, and reporting

More information

Standard CIP-006-1a Cyber Security Physical Security

Standard CIP-006-1a Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program

More information

Standard CIP 007 4a Cyber Security Systems Security Management

Standard CIP 007 4a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for

More information

Standard Development Timeline

Standard Development Timeline CIP 003 7 Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

Standard CIP Cyber Security Security Management Controls

Standard CIP Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-4 3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in

More information

Standard CIP Cyber Security Systems Security Management

Standard CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

CIP Cyber Security Configuration Change Management and Vulnerability AssessmentsManagement

CIP Cyber Security Configuration Change Management and Vulnerability AssessmentsManagement The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for

More information

Standard CIP 004 3a Cyber Security Personnel and Training

Standard CIP 004 3a Cyber Security Personnel and Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-1 3. Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard Development Timeline

Standard Development Timeline CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the

More information

Standard Development Timeline

Standard Development Timeline CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the

More information

NB Appendix CIP NB-0 - Cyber Security Recovery Plans for BES Cyber Systems

NB Appendix CIP NB-0 - Cyber Security Recovery Plans for BES Cyber Systems This appendix establishes modifications to the FERC approved NERC standard CIP-009-6 for its specific application in New Brunswick. This appendix must be read with CIP-009-6 to determine a full understanding

More information

NB Appendix CIP NB-0 - Cyber Security Personnel & Training

NB Appendix CIP NB-0 - Cyber Security Personnel & Training This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding

More information

requirements in a NERC or Regional Reliability Standard.

requirements in a NERC or Regional Reliability Standard. CIP 002 5.1 Cyber Security BES Cyber System Categorization A. Introduction 1. Title: Cyber Security BES Cyber System Categorization 2. Number: CIP 002 5.1 3. Purpose: To identify and categorize BES Cyber

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES 002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Standard COM Communication and Coordination

Standard COM Communication and Coordination A. Introduction 1. Title: Communication and Coordination 2. Number: COM-002-3 3. Purpose: To ensure Emergency communications between operating personnel are effective. 4. Applicability 4.1. Reliability

More information

Standard CIP Cyber Security Systems Security Management

Standard CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing

More information

A. Introduction. B. Requirements and Measures

A. Introduction. B. Requirements and Measures A. Introduction 1. Title: Communications 2. Number: COM-001-3 3. Purpose: To establish Communication capabilities necessary to maintain reliability. 4. Applicability: 4.1. Functional Entities: 4.1.1. Transmission

More information

Standard INT Dynamic Transfers

Standard INT Dynamic Transfers A. Introduction 1. Title: Dynamic Transfers 2. Number: INT-004-3 3. Purpose: To ensure Dynamic Schedules and Pseudo-Ties are communicated and accounted for appropriately in congestion management procedures.

More information

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010 Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes

More information

5. Effective Date: The first day of the first calendar quarter after applicable regulatory approval.

5. Effective Date: The first day of the first calendar quarter after applicable regulatory approval. Introduction 1. Title: IROL and SOL Mitigation in the ERCOT Region 2. Number: IRO-006-TRE-1 3. Purpose: To provide and execute transmission loading relief procedures that can be used to mitigate SOL or

More information

TOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities

TOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities A. Introduction 1. Title: Real-time Reliability Monitoring and Analysis Capabilities 2. Number: TOP-010-1(i) 3. Purpose: Establish requirements for Real-time monitoring and analysis capabilities to support

More information

primary Control Center, for the exchange of Real-time data with its Balancing

primary Control Center, for the exchange of Real-time data with its Balancing A. Introduction 1. Title: Reliability Coordination Monitoring and Analysis 2. Number: IRO-002-5 3. Purpose: To provide System Operators with the capabilities necessary to monitor and analyze data needed

More information

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Critical Cyber Asset Identification Security Management Controls

Critical Cyber Asset Identification Security Management Controls Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.

More information

Standard INT Dynamic Transfers

Standard INT Dynamic Transfers Standard INT-004-3.1 Dynamic Transfers A. Introduction 1. Title: Dynamic Transfers 2. Number: INT-004-3.1 3. Purpose: To ensure Dynamic Schedules and Pseudo-Ties are communicated and accounted for appropriately

More information

CIP Standards Development Overview

CIP Standards Development Overview CIP Standards Development Overview CSSDTO706 Meeting with FERC Technical Staff July 28, 2011 Objectives Historical Timeline CIP-002-4 CIP-005-4 CIP Version 5 2 Project 2008-06 Overview FERC Order 706 SDT

More information

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC Standard Requirement Requirement Text Measures ConsoleWorks

More information

Alberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5

Alberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage electronic access to BES cyber systems by specifying a controlled electronic security perimeter in support of protecting BES cyber systems against

More information

Unofficial Comment Form Project Operating Personnel Communications Protocols COM-002-4

Unofficial Comment Form Project Operating Personnel Communications Protocols COM-002-4 Project 2007-02 Operating Personnel Communications Protocols COM-002-4 Please DO NOT use this form. Please use the electronic comment form to submit comments on the proposed draft COM 002 4 (Operating

More information

1. SAR posted for comment (March 20, 2008). 2. SC authorized moving the SAR forward to standard development (July 10, 2008).

1. SAR posted for comment (March 20, 2008). 2. SC authorized moving the SAR forward to standard development (July 10, 2008). Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015 Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014 Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed

More information

Standard TOP Transmission Operations

Standard TOP Transmission Operations A. Introduction 1. Title: Transmission Operations 2. Number: TOP-001-34 3. Purpose: To prevent instability, uncontrolled separation, or Cascading outages that adversely impact the reliability of the Interconnection

More information

Disclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission...

Disclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission... CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document September, 2010 Table of Contents TABLE OF CONTENts Disclaimer... 3 Executive Summary... 4 Introduction...

More information

Cyber Threats? How to Stop?

Cyber Threats? How to Stop? Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September

More information

Implementation Plan for Version 5 CIP Cyber Security Standards

Implementation Plan for Version 5 CIP Cyber Security Standards Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 17, 2012 Note: On September 17, 2012, NERC was alerted that some references in the Initial Performance of Certain Periodic

More information

CIP Compliance Workshop Boise, ID March 29, 2018

CIP Compliance Workshop Boise, ID March 29, 2018 CIP-006-6 Compliance Workshop Boise, ID March 29, 2018 Mark Lemery, MSc, CPP, PSP Auditor, Cyber and Physical Security 2 Impact on Reliability Identify WECC s audit approach and inform entities of physical

More information

4.1.1 Generator Owner Transmission Owner that owns synchronous condenser(s)

4.1.1 Generator Owner Transmission Owner that owns synchronous condenser(s) A. Introduction 1. Title: Verification and Data Reporting of Generator Real and Reactive Power Capability and Synchronous Condenser Reactive Power Capability 2. Number: MOD-025-2 3. Purpose: To ensure

More information

November 9, Revisions to the Violation Risk Factors for Reliability Standards IRO and TOP

November 9, Revisions to the Violation Risk Factors for Reliability Standards IRO and TOP !! November 9, 2016 VIA ELECTRONIC FILING Jim Crone Director, Energy Division Manitoba Innovation, Energy and Mines 1200-155 Carlton Street Winnipeg MB R3C 3H8 RE: Revisions to the Violation Risk Factors

More information

Draft CIP Standards Version 5

Draft CIP Standards Version 5 Draft CIP Standards Version 5 Technical Webinar Part 1 Project 2008-06 Cyber Security Order 706 Standards Drafting Team November 15, 2011 Agenda Opening Remarks John Lim, Consolidated Edison, Chair V5

More information

Cyber Security Standards Drafting Team Update

Cyber Security Standards Drafting Team Update Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications

More information

Summary of FERC Order No. 791

Summary of FERC Order No. 791 Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure

More information

Cyber Security Reliability Standards CIP V5 Transition Guidance:

Cyber Security Reliability Standards CIP V5 Transition Guidance: Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible

More information

Cyber Security Incident Report

Cyber Security Incident Report Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

4.1.1 Generator Owner Transmission Owner that owns synchronous condenser(s)

4.1.1 Generator Owner Transmission Owner that owns synchronous condenser(s) A. Introduction 1. Title: Verification and Data Reporting of Generator Real and Reactive Power Capability and Synchronous Condenser Reactive Power Capability 2. Number: MOD-025-2 3. Purpose: To ensure

More information

CIP Cyber Security Critical Cyber Asset Identification. Rationale and Implementation Reference Document

CIP Cyber Security Critical Cyber Asset Identification. Rationale and Implementation Reference Document CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document NERC Cyber Security Standards Drafting Team for Order 706 December 2010 This document provides

More information

Standard COM-002-2a Communications and Coordination

Standard COM-002-2a Communications and Coordination A. Introduction 1. Title: Communication and Coordination 2. Number: COM-002-2a 3. Purpose: To ensure Balancing Authorities, Transmission Operators, and Generator Operators have adequate communications

More information

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015 Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014 02 CIP Version 5 Revisions replaces

More information